Debian 11 PyJWT Critical Header Parameter Issue DLA-4564-1 CVE-2026-32597

SecurityVulns

It was discovered that PyJWT, a Python implementation of JSON Web Token, did not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC.

LinuxSecurity – Security Advisories
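An added example, not part of the advisory and not PyJWT's own code: a standard-library pre-check that a service could run on a compact JWS before handing it to its JWT library, enforcing the crit rules of RFC 7515 §4.1.11. The extension name x-demo-ext, the helper names and the sample token are constructed for illustration.

```python
import base64
import json

# Header parameter names defined in RFC 7515 section 4.1; invalid inside "crit".
REGISTERED = frozenset({"alg", "jku", "jwk", "kid", "x5u", "x5c", "x5t",
                        "x5t#S256", "typ", "cty", "crit"})

class CritError(ValueError):
    """The token must be rejected because of its crit header."""

def protected_header(token):
    seg = token.split(".")[0]  # protected header of the compact serialization
    try:
        header = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise CritError("malformed protected header") from exc
    if not isinstance(header, dict):
        raise CritError("protected header is not a JSON object")
    return header

def check_crit(token, understood=frozenset()):
    """Return the header if crit is absent or fully understood, else raise."""
    header = protected_header(token)
    if "crit" not in header:
        return header
    crit = header["crit"]
    if not isinstance(crit, list) or not crit:
        raise CritError("crit must be a non-empty array")
    if not all(isinstance(n, str) for n in crit) or len(set(crit)) != len(crit):
        raise CritError("crit entries must be unique strings")
    for name in crit:
        if name in REGISTERED or name not in header:
            raise CritError(f"invalid crit entry: {name}")
        if name not in understood:
            raise CritError(f"unsupported critical extension: {name}")
    return header

def make_token(header):
    """Constructed sample token with dummy payload and signature (demo only)."""
    enc = lambda raw: base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc(json.dumps(header).encode()), enc(b'{"sub":"demo"}'), "sig"])

if __name__ == "__main__":
    sample = make_token({"alg": "HS256", "crit": ["x-demo-ext"], "x-demo-ext": 1})
    print(check_crit(sample, understood={"x-demo-ext"}))
    try:
        check_crit(sample)  # hypothetical extension not declared as understood
    except CritError as err:
        print("rejected:", err)
```

The check only inspects the header; signature verification by the JWT library is still required.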